Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

55
1
Medium Cost

starter-mcp-server

by bravo-box

Sec6

A starter kit for developing and deploying serverless functions or microservices across multiple cloud providers, exemplified by a chat application.

Setup Requirements

  • ⚠️Requires cloud provider accounts (e.g., AWS, GCP, Azure) and associated credentials.
  • ⚠️May require specific Infrastructure as Code (IaC) tools (e.g., Terraform, Pulumi) for infrastructure deployment.
  • ⚠️Docker might be required for local development or containerized deployments.
Review RequiredView Analysis
Without access to the code or a complete README, specific vulnerabilities cannot be identified. As a 'server' and 'function' platform, it inherently carries potential risks related to insecure defaults, network exposure, and the execution environment for user-defined functions.
Updated: 2025-11-18GitHub
55
156
Medium Cost
cyanheads icon

git-mcp-server

by cyanheads

Sec8

A Model Context Protocol (MCP) server that provides Git-specific tools and resources for AI/LLM agents to interact with version control systems.

Setup Requirements

  • ⚠️Requires the Git CLI (binary `git`) to be installed on the system and available in the PATH for the default `CliGitProvider`.
  • ⚠️Requires `OPENROUTER_API_KEY` to be set for interaction with Large Language Models (LLMs), which is a paid service.
  • ⚠️Authentication (if `MCP_AUTH_MODE` is 'jwt' or 'oauth') requires additional environment variables like `MCP_AUTH_SECRET_KEY`, `OAUTH_ISSUER_URL`, and `OAUTH_AUDIENCE` for secure operation, especially in a production environment. The default `MCP_AUTH_MODE` is 'none', which disables authentication.
  • ⚠️If speech capabilities are enabled (`SPEECH_TTS_ENABLED` or `SPEECH_STT_ENABLED`), API keys for ElevenLabs (`SPEECH_TTS_API_KEY`) and/or OpenAI Whisper (`SPEECH_STT_API_KEY`) are required, which are paid services.
Verified SafeView Analysis
The server demonstrates strong security awareness, implementing detailed path sanitization (`sanitizePath` to prevent directory traversal and enforce `GIT_BASE_DIR`), robust authentication via JWT/OAuth, and scope-based authorization. Critical secrets are loaded from environment variables. Direct execution of native Git CLI commands (via `CliGitProvider`) is a potential attack surface, but the codebase uses a command builder with argument validation and a `SAFE_GIT_OPTIONS` set, significantly mitigating risks. A 'development mode' bypass for authentication is present for convenience, but the `JwtStrategy` explicitly warns and enforces `MCP_AUTH_SECRET_KEY` in production, which is good practice. Proper configuration of `MCP_AUTH_MODE` and `GIT_BASE_DIR` is crucial for production deployments.
Updated: 2025-12-13GitHub
55
1
Medium Cost
yasg1988 icon
Sec9

Provides educational data (schedules, grades, homework) from Dnevnik.ru API to AI assistants via the Model Context Protocol (MCP).

Setup Requirements

  • ⚠️Requires manual Dnevnik.ru OAuth token acquisition through a browser.
  • ⚠️Requires manual identification and configuration of `person_id`, `school_id`, and `group_id`.
Verified SafeView Analysis
The server uses environment variables or a config file for API tokens, which is a good security practice. It interacts with an external API via `aiohttp.ClientSession` and doesn't expose any direct network interfaces, communicating through standard I/O (stdio_server). There are no 'eval' or obvious malicious patterns. The `set_attendance` tool is described in the README but not implemented in the provided code, which is a minor inconsistency but not a security risk.
Updated: 2025-12-06GitHub
55
1
Medium Cost
Etude-Labs icon
Sec9

An IDE-agnostic MCP server that exposes project rules and workflows as MCP resources, providing consistent development guidelines to AI coding tools.

Setup Requirements

  • ⚠️Requires .NET 9 SDK
  • ⚠️Docker required for containerized deployment
  • ⚠️External authentication/TLS handling required for HTTP endpoints in production
Verified SafeView Analysis
The server adheres to a clean architecture and has explicit mitigations for common risks like path traversal. It runs as a non-root user in Docker. HTTP transport does not include built-in authentication or TLS, expecting these to be handled by upstream infrastructure (e.g., API gateway, ingress, load balancer). Configuration and rule files are recommended to be mounted as read-only.
Updated: 2025-12-03GitHub
55
1
Medium Cost
tellahq icon

plain-mcp

by tellahq

Sec9

An MCP server for managing and querying Plain.com support threads and customer information via tools for an AI agent.

Setup Requirements

  • ⚠️Requires a Plain.com API key (PLAIN_API_KEY) with appropriate permissions (read/write for threads and customers).
  • ⚠️Requires 'bun' runtime to be installed.
  • ⚠️Requires updating Claude Code config (`~/.claude.json`).
Verified SafeView Analysis
The server correctly uses environment variables for API keys. It makes external calls to the Plain.com API, which is expected functionality. The use of `plain.rawRequest` for GraphQL queries is contained to a specific, predefined query for timeline entries, limiting potential for injection. No `eval` or obvious malicious patterns found.
Updated: 2025-11-28GitHub
55
85
Medium Cost
always-further icon

AgentUp

by always-further

Sec9

AgentUp is an enterprise-grade framework for building, deploying, and managing secure and reproducible AI agents using configuration-driven principles, integrating with the A2A and MCP protocols.

Setup Requirements

  • ⚠️Requires a compatible LLM provider (e.g., OpenAI API Key (paid), Anthropic API Key (paid), or a local Ollama server running).
  • ⚠️Persistent storage for state management or push notifications (e.g., Valkey/Redis) might be required, potentially needing Docker/Docker Compose for setup.
  • ⚠️The default agent setup assumes a local Python environment (`pip install agentup`).
Verified SafeView Analysis
The project exhibits a strong focus on security, with comprehensive authentication (API Key, JWT, OAuth2) and authorization (scope-based access control) mechanisms. It includes network rate limiting, input sanitization for function arguments, and proactive validation of webhook URLs to prevent Server-Side Request Forgery (SSRF). The plugin system is designed with security considerations, including allowlisting/blocking and validation of plugin configurations. While 'eval' is seen in documentation examples, its use in core code is carefully managed (e.g., `json.loads` for arguments, with internal sanitization), suggesting high awareness of potential risks. The layered security approach makes the framework robust.
Updated: 2025-12-08GitHub
55
1
Medium Cost
Sec6

This server implements the Model Context Protocol, likely for managing and serving contextual data and interactions for AI models.

Setup Requirements

  • ⚠️Requires `uv` package manager for dependency resolution and environment setup, as indicated by `uv.lock` and `pyproject.toml`.
  • ⚠️A specific Python version is required, as specified in the `.python-version` file.
Review RequiredView Analysis
A deep security audit is not possible without access to the actual code. File names suggest a standard Python server structure using a modern dependency management system. No obvious signs of 'eval' or obfuscation were found from the file names alone. General network risks associated with any server application should be considered, but no specific vulnerabilities can be identified without code inspection.
Updated: 2025-11-17GitHub
55
1
High Cost
fxrrysalim icon

rbx-mcp-engine

by fxrrysalim

Sec5

Provides a high-performance, WebSocket-based bridge for AI agents to interact with and control Roblox Studio in real-time.

Setup Requirements

  • ⚠️Requires Roblox Studio to be installed on the machine.
  • ⚠️The 'rbx-studio-mcp.exe' executable must be downloaded and its path specified in the AI client's MCP configuration.
  • ⚠️Requires configuration of an external MCP-compatible AI client (e.g., Claude, Cursor, Windsurf).
Verified SafeView Analysis
The primary security consideration is the `run_code` tool, which allows AI agents to execute arbitrary Luau code within Roblox Studio with 'God Mode' privileges. While this is an advertised core feature enabling deep engine access and control, it inherently presents a significant risk if the AI agent or its prompts are compromised. The server communicates with the AI client via standard I/O (stdio JSON-RPC) and with Roblox Studio via a localhost-bound WebSocket (port 44755), limiting external network attack surface. No hardcoded secrets or obvious malicious patterns were found in the provided source.
Updated: 2025-12-01GitHub
55
1
Low Cost
pand40x icon

crypto-mcp

by pand40x

Sec9

Provides real-time and historical cryptocurrency data to LLM applications, using Binance as the primary source and CoinMarketCap as a fallback.

Setup Requirements

  • ⚠️Requires CoinMarketCap API keys for fallback functionality, which must be obtained and configured in a .env file.
  • ⚠️The MCP client configuration requires the absolute path to the 'build/index.js' file, which can be a common point of error.
  • ⚠️Node.js v20.0.0 or higher is required.
Verified SafeView Analysis
The server uses environment variables for API keys and `zod` for input validation, which are good security practices. It avoids hardcoding secrets and utilizes public API endpoints where possible. No 'eval' or other directly dangerous functions are used. Symbol normalization helps prevent injection. The overall design prioritizes robustness and security within its operational scope.
Updated: 2025-11-29GitHub
55
1
Medium Cost
Sec9

Facilitates AI agent-driven UI test generation and execution for Next.js applications using Playwright, returning test artifacts and summaries.

Setup Requirements

  • ⚠️Requires 'pnpm' for dependency management.
  • ⚠️Requires Playwright and its browser dependencies to be installed separately via 'pnpm dlx playwright install --with-deps'.
  • ⚠️Requires a Node.js runtime environment to execute the server.
Verified SafeView Analysis
The server generates Playwright specs based on structured 'goals.md' input and executes them locally using `npx playwright test`. While Playwright interacts with browser processes and the local filesystem for artifacts, there's no evident use of 'eval' or direct arbitrary code execution from untrusted sources within the server logic itself. The primary security consideration lies in the potential for a malicious 'goals.md' file to craft Playwright actions that could perform undesirable operations, but this assumes the agent (and thus the user) provides such input.
Updated: 2025-11-17GitHub
55
155
Low Cost
meilisearch icon

meilisearch-mcp

by meilisearch

Sec8

Connects LLMs (like Claude and OpenAI agents) to Meilisearch, enabling natural language control for managing search indices and performing searches.

Setup Requirements

  • ⚠️Requires Python >= 3.10.
  • ⚠️A running Meilisearch instance is mandatory, typically on http://localhost:7700.
  • ⚠️Requires an MCP-compatible client (e.g., Claude Desktop, OpenAI agents) to interact with the server.
Verified SafeView Analysis
The server's core logic appears robust. However, the README explicitly warns that updating Meilisearch API keys directly in chat, while convenient for development, 'does not follow best MCP security practices and should not be used in production environments without proper safeguards.' This highlights a potential risk if deployed without careful consideration of access control for the MCP client itself.
Updated: 2025-11-24GitHub
55
1
High Cost
QwQzy icon

searcher

by QwQzy

Sec5

Provides a Model Context Protocol (MCP) server for aggregating and extracting information from search engines like Bing using Playwright for web scraping.

Setup Requirements

  • ⚠️Requires Python 3.12
  • ⚠️Requires manual Playwright Chromium installation via `playwright install chromium`
  • ⚠️The `bing_cn_detail` tool could expose the server to Server-Side Request Forgery (SSRF) if publicly accessible without proper input validation or firewall rules.
Verified SafeView Analysis
The `bing_cn_detail` tool allows fetching content from arbitrary URLs. If this MCP server is exposed to untrusted external input, it could be exploited for Server-Side Request Forgery (SSRF) to scan internal networks or access internal resources. The client-side `json.loads` on user input in `client.py` is a potential risk for the client environment, though Pydantic validation on the server side mitigates direct injection vulnerabilities for tool parameters. The `headless=False` mode and `slow_mo` for Playwright are not security risks but indicate a non-production-ready setup that might consume more resources or be unsuitable for server deployments without display environments.
Updated: 2025-12-06GitHub
PreviousPage 43 of 647Next